api-docs/4.22.0/_user_activity_summary_8java_source.html

 /*

  * Autopsy Forensic Browser

  *

  * Copyright 2020-2021 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.datasourcesummary.datamodel;


 import java.io.File;

 import java.util.ArrayList;

 import java.util.Arrays;

 import java.util.Collection;

 import java.util.Collections;

 import java.util.Comparator;

 import java.util.Date;

 import java.util.HashMap;

 import java.util.HashSet;

 import java.util.List;

 import java.util.Map;

 import java.util.Set;

 import java.util.function.Function;

 import java.util.logging.Level;

 import java.util.stream.Collectors;

 import java.util.stream.Stream;

 import org.apache.commons.lang3.StringUtils;

 import org.apache.commons.lang3.tuple.Pair;

 import org.openide.util.NbBundle.Messages;

 import org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.SleuthkitCaseProviderException;

 import org.sleuthkit.datamodel.BlackboardArtifact;

 import org.sleuthkit.datamodel.BlackboardAttribute;

 import org.sleuthkit.datamodel.DataSource;

 import org.sleuthkit.datamodel.TskCoreException;

 import org.sleuthkit.autopsy.texttranslation.NoServiceProviderException;

 import org.sleuthkit.autopsy.texttranslation.TextTranslationService;

 import org.sleuthkit.autopsy.texttranslation.TranslationException;

 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;

 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;


 public class UserActivitySummary {


     private static final List<Function<List<String>, String>> SHORT_FOLDER_MATCHERS = Arrays.asList(

             // handle Program Files and Program Files (x86) - if true, return the next folder

             (pathList) -> {

                 if (pathList.size() < 2) {

                     return null;

                 }


                 String rootParent = pathList.get(0).toUpperCase();

                 if ("PROGRAM FILES".equals(rootParent) || "PROGRAM FILES (X86)".equals(rootParent)) {

                     return pathList.get(1);

                 } else {

                     return null;

                 }

             },

             // if there is a folder named "APPLICATION DATA" or "APPDATA"

             (pathList) -> {

                 for (String pathEl : pathList) {

                     String uppered = pathEl.toUpperCase();

                     if ("APPLICATION DATA".equals(uppered) || "APPDATA".equals(uppered)) {

                         return "AppData";

                     }

                 }

                 return null;

             }

     );


     private static final BlackboardArtifact.Type TYPE_DEVICE_ATTACHED = new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED);

     private static final BlackboardArtifact.Type TYPE_WEB_HISTORY = new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WEB_HISTORY);


     private static final BlackboardAttribute.Type TYPE_DATETIME = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME);

     private static final BlackboardAttribute.Type TYPE_DATETIME_ACCESSED = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED);

     private static final BlackboardAttribute.Type TYPE_DEVICE_ID = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_ID);

     private static final BlackboardAttribute.Type TYPE_DEVICE_MAKE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE);

     private static final BlackboardAttribute.Type TYPE_DEVICE_MODEL = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL);

     private static final BlackboardAttribute.Type TYPE_MESSAGE_TYPE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE);

     private static final BlackboardAttribute.Type TYPE_TEXT = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_TEXT);

     private static final BlackboardAttribute.Type TYPE_DATETIME_RCVD = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_RCVD);

     private static final BlackboardAttribute.Type TYPE_DATETIME_SENT = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_SENT);

     private static final BlackboardAttribute.Type TYPE_DATETIME_START = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_START);

     private static final BlackboardAttribute.Type TYPE_DATETIME_END = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_END);

     private static final BlackboardAttribute.Type TYPE_DOMAIN = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DOMAIN);

     private static final BlackboardAttribute.Type TYPE_PROG_NAME = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PROG_NAME);

     private static final BlackboardAttribute.Type TYPE_PATH = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PATH);

     private static final BlackboardAttribute.Type TYPE_COUNT = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_COUNT);


     private static final String NTOS_BOOT_IDENTIFIER = "NTOSBOOT";

     private static final String WINDOWS_PREFIX = "/WINDOWS";


     private static final Comparator<TopAccountResult> TOP_ACCOUNT_RESULT_DATE_COMPARE = (a, b) -> a.getLastAccessed().compareTo(b.getLastAccessed());

     private static final Comparator<TopWebSearchResult> TOP_WEBSEARCH_RESULT_DATE_COMPARE = (a, b) -> a.getLastAccessed().compareTo(b.getLastAccessed());


     private static final Comparator<TopProgramsResult> TOP_PROGRAMS_RESULT_COMPARE = (a, b) -> {

         // first priority for sorting is the run times

         // if non-0, this is the return value for the comparator

         int runTimesCompare = nullableCompare(a.getRunTimes(), b.getRunTimes());

         if (runTimesCompare != 0) {

             return -runTimesCompare;

         }


         // second priority for sorting is the last run date

         // if non-0, this is the return value for the comparator

         int lastRunCompare = nullableCompare(

                 a.getLastAccessed() == null ? null : a.getLastAccessed().getTime(),

                 b.getLastAccessed() == null ? null : b.getLastAccessed().getTime());


         if (lastRunCompare != 0) {

             return -lastRunCompare;

         }


         // otherwise sort alphabetically

         return (a.getProgramName() == null ? "" : a.getProgramName())

                 .compareToIgnoreCase((b.getProgramName() == null ? "" : b.getProgramName()));

     };


     private static final Set<String> DEVICE_EXCLUDE_LIST = new HashSet<>(Arrays.asList("ROOT_HUB", "ROOT_HUB20"));

     private static final Set<String> DOMAIN_EXCLUDE_LIST = new HashSet<>(Arrays.asList("127.0.0.1", "LOCALHOST"));


     private static final long MS_PER_DAY = 1000 * 60 * 60 * 24;

     private static final long DOMAIN_WINDOW_DAYS = 30;

     private static final long DOMAIN_WINDOW_MS = DOMAIN_WINDOW_DAYS * MS_PER_DAY;


     private final SleuthkitCaseProvider caseProvider;

     private final TextTranslationService translationService;

     private final java.util.logging.Logger logger;


     public UserActivitySummary() {

         this(SleuthkitCaseProvider.DEFAULT, TextTranslationService.getInstance(),

                 org.sleuthkit.autopsy.coreutils.Logger.getLogger(UserActivitySummary.class.getName()));

     }


     public UserActivitySummary(

             SleuthkitCaseProvider provider,

             TextTranslationService translationService,

             java.util.logging.Logger logger) {


         this.caseProvider = provider;

         this.translationService = translationService;

         this.logger = logger;

     }


     private static void assertValidCount(int count) {

         if (count <= 0) {

             throw new IllegalArgumentException("Count must be greater than 0");

         }

     }


     public static String getShortFolderName(String strPath, String applicationName) {

         if (strPath == null) {

             return "";

         }


         List<String> pathEls = new ArrayList<>(Arrays.asList(applicationName));


         File file = new File(strPath);

         while (file != null && org.apache.commons.lang.StringUtils.isNotBlank(file.getName())) {

             pathEls.add(file.getName());

             file = file.getParentFile();

         }


         Collections.reverse(pathEls);


         for (Function<List<String>, String> matchEntry : SHORT_FOLDER_MATCHERS) {

             String result = matchEntry.apply(pathEls);

             if (org.apache.commons.lang.StringUtils.isNotBlank(result)) {

                 return result;

             }

         }


         return "";

     }


     public List<TopDomainsResult> getRecentDomains(DataSource dataSource, int count) throws TskCoreException, SleuthkitCaseProviderException {

         assertValidCount(count);


         if (dataSource == null) {

             return Collections.emptyList();

         }


         Pair<Long, Map<String, List<Pair<BlackboardArtifact, Long>>>> mostRecentAndGroups = getDomainGroupsAndMostRecent(dataSource);

         // if no recent domains, return accordingly

         if (mostRecentAndGroups.getKey() == null || mostRecentAndGroups.getValue().size() == 0) {

             return Collections.emptyList();

         }


         final long mostRecentMs = mostRecentAndGroups.getLeft();

         Map<String, List<Pair<BlackboardArtifact, Long>>> groups = mostRecentAndGroups.getRight();


         return groups.entrySet().stream()

                 .map(entry -> getDomainsResult(entry.getKey(), entry.getValue(), mostRecentMs))

                 .filter(result -> result != null)

                 // sort by number of visit times in those 30 days (max to min)

                 .sorted((a, b) -> -Long.compare(a.getVisitTimes(), b.getVisitTimes()))

                 // limit the result number to the parameter provided

                 .limit(count)

                 .collect(Collectors.toList());

     }


     private TopDomainsResult getDomainsResult(String domain, List<Pair<BlackboardArtifact, Long>> visits, long mostRecentMs) {

         long visitCount = 0;

         Long thisMostRecentMs = null;

         BlackboardArtifact thisMostRecentArtifact = null;


         for (Pair<BlackboardArtifact, Long> visitInstance : visits) {

             BlackboardArtifact artifact = visitInstance.getLeft();

             Long visitMs = visitInstance.getRight();

             // make sure that visit is within window of mostRecentMS; otherwise skip it.

             if (visitMs == null || visitMs + DOMAIN_WINDOW_MS < mostRecentMs) {

                 continue;

             }


             // if visit is within window, increment the count and get most recent

             visitCount++;

             if (thisMostRecentMs == null || visitMs > thisMostRecentMs) {

                 thisMostRecentMs = visitMs;

                 thisMostRecentArtifact = artifact;

             }

             thisMostRecentMs = getMax(thisMostRecentMs, visitMs);

         }


         // if there are no visits within the window, return null

         if (visitCount <= 0 || thisMostRecentMs == null) {

             return null;

         } else {

             // create a top domain result with the domain, count, and most recent visit date

             return new TopDomainsResult(domain, visitCount, new Date(thisMostRecentMs), thisMostRecentArtifact);

         }

     }


     private Pair<Long, Map<String, List<Pair<BlackboardArtifact, Long>>>> getDomainGroupsAndMostRecent(DataSource dataSource) throws TskCoreException, SleuthkitCaseProviderException {

         List<BlackboardArtifact> artifacts = DataSourceInfoUtilities.getArtifacts(caseProvider.get(), TYPE_WEB_HISTORY,

                 dataSource, TYPE_DATETIME_ACCESSED, DataSourceInfoUtilities.SortOrder.DESCENDING, 0);


         Long mostRecentMs = null;

         Map<String, List<Pair<BlackboardArtifact, Long>>> domainVisits = new HashMap<>();


         for (BlackboardArtifact art : artifacts) {

             Long artifactDateSecs = DataSourceInfoUtilities.getLongOrNull(art, TYPE_DATETIME_ACCESSED);

             String domain = DataSourceInfoUtilities.getStringOrNull(art, TYPE_DOMAIN);


             // if there isn't a last access date or domain for this artifact, it can be ignored.

             // Also, ignore the loopback address.

             if (artifactDateSecs == null || StringUtils.isBlank(domain) || DOMAIN_EXCLUDE_LIST.contains(domain.toUpperCase().trim())) {

                 continue;

             }


             Long artifactDateMs = artifactDateSecs * 1000;


             // update the most recent visit date overall

             mostRecentMs = getMax(mostRecentMs, artifactDateMs);


             //Normalize the domain to lower case.

             domain = domain.toLowerCase().trim();


             // add this visit date to the list of dates for the domain

             List<Pair<BlackboardArtifact, Long>> domainVisitList = domainVisits.get(domain);

             if (domainVisitList == null) {

                 domainVisitList = new ArrayList<>();

                 domainVisits.put(domain, domainVisitList);

             }


             domainVisitList.add(Pair.of(art, artifactDateMs));

         }


         return Pair.of(mostRecentMs, domainVisits);

     }


     private static Long getMax(Long num1, Long num2) {

         if (num1 == null) {

             return num2;

         } else if (num2 == null) {

             return num1;

         } else {

             return num2 > num1 ? num2 : num1;

         }

     }


     private static TopWebSearchResult getWebSearchResult(BlackboardArtifact artifact) {

         String searchString = DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_TEXT);

         Date dateAccessed = DataSourceInfoUtilities.getDateOrNull(artifact, TYPE_DATETIME_ACCESSED);

         return (StringUtils.isNotBlank(searchString) && dateAccessed != null)

                 ? new TopWebSearchResult(searchString, dateAccessed, artifact)

                 : null;

     }


     public List<TopWebSearchResult> getMostRecentWebSearches(DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException {

         assertValidCount(count);


         if (dataSource == null) {

             return Collections.emptyList();

         }


         // get the artifacts

         List<BlackboardArtifact> webSearchArtifacts = caseProvider.get().getBlackboard()

                 .getArtifacts(ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY.getTypeID(), dataSource.getId());


         // group by search string (case insensitive)

         Collection<TopWebSearchResult> resultGroups = webSearchArtifacts

                 .stream()

                 // get items where search string and date is not null

                 .map(UserActivitySummary::getWebSearchResult)

                 // remove null records

                 .filter(result -> result != null)

                 // get the latest message for each search string

                 .collect(Collectors.toMap(

                         (result) -> result.getSearchString().toUpperCase(),

                         result -> result,

                         (result1, result2) -> TOP_WEBSEARCH_RESULT_DATE_COMPARE.compare(result1, result2) >= 0 ? result1 : result2))

                 .values();


         // get the most recent date for each search term

         List<TopWebSearchResult> results = resultGroups

                 .stream()

                 // get most recent searches first

                 .sorted(TOP_WEBSEARCH_RESULT_DATE_COMPARE.reversed())

                 .limit(count)

                 // get as list

                 .collect(Collectors.toList());


         // get translation if possible

         if (translationService.hasProvider()) {

             for (TopWebSearchResult result : results) {

                 result.setTranslatedResult(getTranslationOrNull(result.getSearchString()));

             }

         }


         return results;

     }


     private String getTranslationOrNull(String original) {

         if (!translationService.hasProvider() || StringUtils.isBlank(original)) {

             return null;

         }


         String translated = null;

         try {

             translated = translationService.translate(original);

         } catch (NoServiceProviderException | TranslationException ex) {

             logger.log(Level.WARNING, String.format("There was an error translating text: '%s'", original), ex);

         }


         // if there is no translation or the translation is the same as the original, return null.

         if (StringUtils.isBlank(translated)

                 || translated.toUpperCase().trim().equals(original.toUpperCase().trim())) {


             return null;

         }


         return translated;

     }


     private TopDeviceAttachedResult getMostRecentDevice(TopDeviceAttachedResult r1, TopDeviceAttachedResult r2) {

         if (r2.getLastAccessed()== null) {

             return r1;

         }


         if (r1.getLastAccessed() == null) {

             return r2;

         }


         return r1.getLastAccessed().compareTo(r2.getLastAccessed()) >= 0 ? r1 : r2;

     }


     public List<TopDeviceAttachedResult> getRecentDevices(DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException {

         assertValidCount(count);


         if (dataSource == null) {

             return Collections.emptyList();

         }


         Collection<TopDeviceAttachedResult> results = DataSourceInfoUtilities.getArtifacts(caseProvider.get(), TYPE_DEVICE_ATTACHED,

                 dataSource, TYPE_DATETIME, DataSourceInfoUtilities.SortOrder.DESCENDING, 0)

                 .stream()

                 .map(artifact -> {

                     return new TopDeviceAttachedResult(

                             DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_DEVICE_ID),

                             DataSourceInfoUtilities.getDateOrNull(artifact, TYPE_DATETIME),

                             DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_DEVICE_MAKE),

                             DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_DEVICE_MODEL),

                             artifact

                     );

                 })

                 // remove Root Hub identifier

                 .filter(result -> {

                     return result.getDeviceId() == null

                             || result.getDeviceModel() == null

                             || !DEVICE_EXCLUDE_LIST.contains(result.getDeviceModel().trim().toUpperCase());

                 })

                 .collect(Collectors.toMap(result -> result.getDeviceId(), result -> result, (r1, r2) -> getMostRecentDevice(r1, r2)))

                 .values();


         return results.stream()

                 .limit(count)

                 .collect(Collectors.toList());

     }


     private static TopAccountResult getMessageAccountResult(BlackboardArtifact artifact) {

         String type = DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_MESSAGE_TYPE);

         Date date = DataSourceInfoUtilities.getDateOrNull(artifact, TYPE_DATETIME);

         return (StringUtils.isNotBlank(type) && date != null)

                 ? new TopAccountResult(type, date, artifact)

                 : null;

     }


     private static TopAccountResult getAccountResult(BlackboardArtifact artifact, String messageType, BlackboardAttribute.Type... dateAttrs) {

         String type = messageType;


         Date latestDate = null;

         if (dateAttrs != null) {

             latestDate = Stream.of(dateAttrs)

                     .map((attr) -> DataSourceInfoUtilities.getDateOrNull(artifact, attr))

                     .filter((date) -> date != null)

                     .max((a, b) -> a.compareTo(b))

                     .orElse(null);

         }


         return (StringUtils.isNotBlank(type) && latestDate != null)

                 ? new TopAccountResult(type, latestDate, artifact)

                 : null;

     }


     @Messages({

         "DataSourceUserActivitySummary_getRecentAccounts_emailMessage=Email Message",

         "DataSourceUserActivitySummary_getRecentAccounts_calllogMessage=Call Log",})

     public List<TopAccountResult> getRecentAccounts(DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException {

         assertValidCount(count);


         if (dataSource == null) {

             return Collections.emptyList();

         }


         Stream<TopAccountResult> messageResults = caseProvider.get().getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_MESSAGE.getTypeID(), dataSource.getId())

                 .stream()

                 .map((art) -> getMessageAccountResult(art));


         Stream<TopAccountResult> emailResults = caseProvider.get().getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID(), dataSource.getId())

                 .stream()

                 .map((art) -> {

                     return getAccountResult(

                             art,

                             Bundle.DataSourceUserActivitySummary_getRecentAccounts_emailMessage(),

                             TYPE_DATETIME_RCVD,

                             TYPE_DATETIME_SENT);

                 });


         Stream<TopAccountResult> calllogResults = caseProvider.get().getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_CALLLOG.getTypeID(), dataSource.getId())

                 .stream()

                 .map((art) -> {

                     return getAccountResult(

                             art,

                             Bundle.DataSourceUserActivitySummary_getRecentAccounts_calllogMessage(),

                             TYPE_DATETIME_START,

                             TYPE_DATETIME_END);

                 });


         Stream<TopAccountResult> allResults = Stream.concat(messageResults, Stream.concat(emailResults, calllogResults));


         // get them grouped by account type

         Collection<TopAccountResult> groupedResults = allResults

                 // remove null records

                 .filter(result -> result != null)

                 // get these messages grouped by account type and get the most recent of each type

                 .collect(Collectors.toMap(

                         result -> result.getAccountType(),

                         result -> result,

                         (result1, result2) -> TOP_ACCOUNT_RESULT_DATE_COMPARE.compare(result1, result2) >= 0 ? result1 : result2))

                 .values();


         // get account type sorted by most recent date

         return groupedResults

                 .stream()

                 // get most recent accounts accessed

                 .sorted(TOP_ACCOUNT_RESULT_DATE_COMPARE.reversed())

                 // limit to count

                 .limit(count)

                 // get as list

                 .collect(Collectors.toList());

     }


     private TopProgramsResult getTopProgramsResult(BlackboardArtifact artifact) {

         String programName = DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_PROG_NAME);


         // ignore items with no name or a ntos boot identifier

         if (StringUtils.isBlank(programName) || NTOS_BOOT_IDENTIFIER.equalsIgnoreCase(programName)) {

             return null;

         }


         String path = DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_PATH);


         // ignore windows directory

         if (StringUtils.startsWithIgnoreCase(path, WINDOWS_PREFIX)) {

             return null;

         }


         Integer count = DataSourceInfoUtilities.getIntOrNull(artifact, TYPE_COUNT);

         Long longCount = (count == null) ? null : (long) count;


         return new TopProgramsResult(

                 programName,

                 path,

                 longCount,

                 DataSourceInfoUtilities.getDateOrNull(artifact, TYPE_DATETIME),

                 artifact

         );

     }


     private static Date getMax(Date date1, Date date2) {

         if (date1 == null) {

             return date2;

         } else if (date2 == null) {

             return date1;

         } else {

             return date1.compareTo(date2) > 0 ? date1 : date2;

         }

     }


     private static int nullableCompare(Long long1, Long long2) {

         if (long1 == null && long2 == null) {

             return 0;

         } else if (long1 != null && long2 == null) {

             return 1;

         } else if (long1 == null && long2 != null) {

             return -1;

         }


         return Long.compare(long1, long2);

     }


     private static boolean isPositiveNum(Long longNum) {

         return longNum != null && longNum > 0;

     }


     public List<TopProgramsResult> getTopPrograms(DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException {

         assertValidCount(count);


         if (dataSource == null) {

             return Collections.emptyList();

         }


         // Get TopProgramsResults for each TSK_PROG_RUN artifact

         Collection<TopProgramsResult> results = caseProvider.get().getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_PROG_RUN.getTypeID(), dataSource.getId())

                 .stream()

                 // convert to a TopProgramsResult object or null if missing critical information

                 .map((art) -> getTopProgramsResult(art))

                 // remove any null items

                 .filter((res) -> res != null)

                 // group by the program name and program path

                 // The value will be a TopProgramsResult with the max run times

                 // and most recent last run date for each program name / program path pair.

                 .collect(Collectors.toMap(

                         res -> Pair.of(

                                 res.getProgramName() == null ? null : res.getProgramName().toUpperCase(),

                                 res.getProgramPath() == null ? null : res.getProgramPath().toUpperCase()),

                         res -> res,

                         (res1, res2) -> {

                             Long maxRunTimes = getMax(res1.getRunTimes(), res2.getRunTimes());

                             Date maxDate = getMax(res1.getLastAccessed(), res2.getLastAccessed());

                             TopProgramsResult maxResult = TOP_PROGRAMS_RESULT_COMPARE.compare(res1, res2) >= 0 ? res1 : res2;

                             return new TopProgramsResult(

                                     maxResult.getProgramName(),

                                     maxResult.getProgramPath(),

                                     maxRunTimes,

                                     maxDate,

                                     maxResult.getArtifact());

                         })).values();


         List<TopProgramsResult> orderedResults = results.stream()

                 .sorted(TOP_PROGRAMS_RESULT_COMPARE)

                 .collect(Collectors.toList());


         // only limit the list to count if there is no last run date and no run times.

         if (!orderedResults.isEmpty()) {

             TopProgramsResult topResult = orderedResults.get(0);

             // if run times / last run information is available, the first item should have some value,

             // and then the items should be limited accordingly.

             if (isPositiveNum(topResult.getRunTimes())

                     || (topResult.getLastAccessed() != null && isPositiveNum(topResult.getLastAccessed().getTime()))) {

                 return orderedResults.stream().limit(count).collect(Collectors.toList());

             }

         }


         // otherwise return the alphabetized list with no limit applied.

         return orderedResults;

     }


     public static class LastAccessedArtifact {


         private final Date lastAccessed;

         private final BlackboardArtifact artifact;


         public LastAccessedArtifact(Date lastAccessed, BlackboardArtifact artifact) {

             this.lastAccessed = lastAccessed;

             this.artifact = artifact;

         }


         public Date getLastAccessed() {

             return lastAccessed;

         }


         public BlackboardArtifact getArtifact() {

             return artifact;

         }

     }


     public static class TopWebSearchResult extends LastAccessedArtifact {


         private final String searchString;

         private String translatedResult;


         public TopWebSearchResult(String searchString, Date dateAccessed, BlackboardArtifact artifact) {

             super(dateAccessed, artifact);

             this.searchString = searchString;

         }


         public String getTranslatedResult() {

             return translatedResult;

         }


         public void setTranslatedResult(String translatedResult) {

             this.translatedResult = translatedResult;

         }


         public String getSearchString() {

             return searchString;

         }

     }


     public static class TopDeviceAttachedResult extends LastAccessedArtifact {


         private final String deviceId;

         private final String deviceMake;

         private final String deviceModel;


         public TopDeviceAttachedResult(String deviceId, Date dateAccessed, String deviceMake, String deviceModel, BlackboardArtifact artifact) {

             super(dateAccessed, artifact);

             this.deviceId = deviceId;

             this.deviceMake = deviceMake;

             this.deviceModel = deviceModel;

         }


         public String getDeviceId() {

             return deviceId;

         }


         public String getDeviceMake() {

             return deviceMake;

         }


         public String getDeviceModel() {

             return deviceModel;

         }

     }


     public static class TopAccountResult extends LastAccessedArtifact {


         private final String accountType;


         public TopAccountResult(String accountType, Date lastAccess, BlackboardArtifact artifact) {

             super(lastAccess, artifact);

             this.accountType = accountType;

         }


         public String getAccountType() {

             return accountType;

         }

     }


     public static class TopDomainsResult extends LastAccessedArtifact {


         private final String domain;

         private final Long visitTimes;


         public TopDomainsResult(String domain, Long visitTimes, Date lastVisit, BlackboardArtifact artifact) {

             super(lastVisit, artifact);

             this.domain = domain;

             this.visitTimes = visitTimes;

         }


         public String getDomain() {

             return domain;

         }


         public Long getVisitTimes() {

             return visitTimes;

         }

     }


     public static class TopProgramsResult extends LastAccessedArtifact {


         private final String programName;

         private final String programPath;

         private final Long runTimes;


         TopProgramsResult(String programName, String programPath, Long runTimes, Date lastRun, BlackboardArtifact artifact) {

             super(lastRun, artifact);

             this.programName = programName;

             this.programPath = programPath;

             this.runTimes = runTimes;

         }


         public String getProgramName() {

             return programName;

         }


         public String getProgramPath() {

             return programPath;

         }


         public Long getRunTimes() {

             return runTimes;

         }

     }

 }

org::sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities
Definition: DataSourceInfoUtilities.java:45

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME
static final BlackboardAttribute.Type TYPE_DATETIME
Definition: UserActivitySummary.java:91

org::sleuthkit

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TOP_WEBSEARCH_RESULT_DATE_COMPARE
static final Comparator< TopWebSearchResult > TOP_WEBSEARCH_RESULT_DATE_COMPARE
Definition: UserActivitySummary.java:111

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.TopDomainsResult
TopDomainsResult(String domain, Long visitTimes, Date lastVisit, BlackboardArtifact artifact)
Definition: UserActivitySummary.java:987

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_COUNT
TSK_COUNT

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_DEVICE_MAKE
TSK_DEVICE_MAKE

org::sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.SortOrder.DESCENDING
DESCENDING
Definition: DataSourceInfoUtilities.java:164

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.LastAccessedArtifact.LastAccessedArtifact
LastAccessedArtifact(Date lastAccessed, BlackboardArtifact artifact)
Definition: UserActivitySummary.java:832

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.logger
final java.util.logging.Logger logger
Definition: UserActivitySummary.java:149

org::sleuthkit.autopsy.datasourcesummary.datamodel
Definition: AnalysisSummary.java:19

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.domain
final String domain
Definition: UserActivitySummary.java:976

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_MODEL
static final BlackboardAttribute.Type TYPE_DEVICE_MODEL
Definition: UserActivitySummary.java:95

org::sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.DEFAULT
SleuthkitCaseProvider DEFAULT
Definition: SleuthkitCaseProvider.java:66

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMax
static Date getMax(Date date1, Date date2)
Definition: UserActivitySummary.java:703

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DOMAIN
static final BlackboardAttribute.Type TYPE_DOMAIN
Definition: UserActivitySummary.java:102

org::sleuthkit::datamodel::BlackboardAttribute

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_ID
static final BlackboardAttribute.Type TYPE_DEVICE_ID
Definition: UserActivitySummary.java:93

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getWebSearchResult
static TopWebSearchResult getWebSearchResult(BlackboardArtifact artifact)
Definition: UserActivitySummary.java:379

org::sleuthkit::datamodel::SleuthkitCase::getBlackboard
Blackboard getBlackboard()

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_START
static final BlackboardAttribute.Type TYPE_DATETIME_START
Definition: UserActivitySummary.java:100

org::sleuthkit.autopsy.texttranslation.TextTranslationService.translate
synchronized String translate(String input)
Definition: TextTranslationService.java:80

org::sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider
Definition: SleuthkitCaseProvider.java:32

org::sleuthkit.autopsy.texttranslation.NoServiceProviderException
Definition: NoServiceProviderException.java:25

org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE::TSK_DEVICE_ATTACHED
TSK_DEVICE_ATTACHED

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult
Definition: UserActivitySummary.java:855

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult
Definition: UserActivitySummary.java:899

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_DOMAIN
TSK_DOMAIN

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult.accountType
final String accountType
Definition: UserActivitySummary.java:949

org

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getDomainsResult
TopDomainsResult getDomainsResult(String domain, List< Pair< BlackboardArtifact, Long >> visits, long mostRecentMs)
Definition: UserActivitySummary.java:270

org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE::TSK_MESSAGE
TSK_MESSAGE

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DOMAIN_WINDOW_MS
static final long DOMAIN_WINDOW_MS
Definition: UserActivitySummary.java:145

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.WINDOWS_PREFIX
static final String WINDOWS_PREFIX
Definition: UserActivitySummary.java:108

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMax
static Long getMax(Long num1, Long num2)
Definition: UserActivitySummary.java:361

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DEVICE_EXCLUDE_LIST
static final Set< String > DEVICE_EXCLUDE_LIST
Definition: UserActivitySummary.java:140

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_PROG_NAME
TSK_PROG_NAME

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.getProgramPath
String getProgramPath()
Definition: UserActivitySummary.java:1042

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentAccounts
List< TopAccountResult > getRecentAccounts(DataSource dataSource, int count)
Definition: UserActivitySummary.java:606

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_MAKE
static final BlackboardAttribute.Type TYPE_DEVICE_MAKE
Definition: UserActivitySummary.java:94

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_PATH
static final BlackboardAttribute.Type TYPE_PATH
Definition: UserActivitySummary.java:104

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.UserActivitySummary
UserActivitySummary(SleuthkitCaseProvider provider, TextTranslationService translationService, java.util.logging.Logger logger)
Definition: UserActivitySummary.java:168

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_DATETIME_START
TSK_DATETIME_START

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.runTimes
final Long runTimes
Definition: UserActivitySummary.java:1015

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.nullableCompare
static int nullableCompare(Long long1, Long long2)
Definition: UserActivitySummary.java:722

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMostRecentWebSearches
List< TopWebSearchResult > getMostRecentWebSearches(DataSource dataSource, int count)
Definition: UserActivitySummary.java:402

org::sleuthkit::datamodel::BlackboardArtifact

org::sleuthkit::datamodel::BlackboardArtifact::Type

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.assertValidCount
static void assertValidCount(int count)
Definition: UserActivitySummary.java:183

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMessageAccountResult
static TopAccountResult getMessageAccountResult(BlackboardArtifact artifact)
Definition: UserActivitySummary.java:553

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_DEVICE_ID
TSK_DEVICE_ID

org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE::TSK_WEB_HISTORY
TSK_WEB_HISTORY

org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE::TSK_WEB_SEARCH_QUERY
TSK_WEB_SEARCH_QUERY

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult
Definition: UserActivitySummary.java:947

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DOMAIN_EXCLUDE_LIST
static final Set< String > DOMAIN_EXCLUDE_LIST
Definition: UserActivitySummary.java:141

org::sleuthkit.autopsy.coreutils
Definition: AppSQLiteDB.java:19

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.getRunTimes
Long getRunTimes()
Definition: UserActivitySummary.java:1049

org::sleuthkit.autopsy.coreutils.Logger
Definition: Logger.java:36

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.NTOS_BOOT_IDENTIFIER
static final String NTOS_BOOT_IDENTIFIER
Definition: UserActivitySummary.java:107

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_DATETIME
TSK_DATETIME

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_COUNT
static final BlackboardAttribute.Type TYPE_COUNT
Definition: UserActivitySummary.java:105

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentDevices
List< TopDeviceAttachedResult > getRecentDevices(DataSource dataSource, int count)
Definition: UserActivitySummary.java:512

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult.TopAccountResult
TopAccountResult(String accountType, Date lastAccess, BlackboardArtifact artifact)
Definition: UserActivitySummary.java:958

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getTopProgramsResult
TopProgramsResult getTopProgramsResult(BlackboardArtifact artifact)
Definition: UserActivitySummary.java:668

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.deviceModel
final String deviceModel
Definition: UserActivitySummary.java:903

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.deviceId
final String deviceId
Definition: UserActivitySummary.java:901

org::sleuthkit::datamodel::Blackboard::getArtifacts
List< BlackboardArtifact > getArtifacts(int artifactTypeID, long dataSourceObjId)

org::sleuthkit::datamodel::DataSource

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.deviceMake
final String deviceMake
Definition: UserActivitySummary.java:902

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.LastAccessedArtifact.getLastAccessed
Date getLastAccessed()
Definition: UserActivitySummary.java:840

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMostRecentDevice
TopDeviceAttachedResult getMostRecentDevice(TopDeviceAttachedResult r1, TopDeviceAttachedResult r2)
Definition: UserActivitySummary.java:486

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_DATETIME_RCVD
TSK_DATETIME_RCVD

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.getDomain
String getDomain()
Definition: UserActivitySummary.java:996

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_PATH
TSK_PATH

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.programName
final String programName
Definition: UserActivitySummary.java:1013

org::sleuthkit.autopsy.texttranslation.TextTranslationService.getInstance
static TextTranslationService getInstance()
Definition: TextTranslationService.java:47

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getTranslationOrNull
String getTranslationOrNull(String original)
Definition: UserActivitySummary.java:455

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.LastAccessedArtifact.artifact
final BlackboardArtifact artifact
Definition: UserActivitySummary.java:824

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_DATETIME_SENT
TSK_DATETIME_SENT

org::sleuthkit::datamodel::TskCoreException

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.getProgramName
String getProgramName()
Definition: UserActivitySummary.java:1035

org::sleuthkit.autopsy.datasourcesummary

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DOMAIN_WINDOW_DAYS
static final long DOMAIN_WINDOW_DAYS
Definition: UserActivitySummary.java:144

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.translationService
final TextTranslationService translationService
Definition: UserActivitySummary.java:148

org::sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getArtifacts
static List< BlackboardArtifact > getArtifacts(SleuthkitCase skCase, BlackboardArtifact.Type artifactType, DataSource dataSource, BlackboardAttribute.Type attributeType, SortOrder sortOrder)
Definition: DataSourceInfoUtilities.java:188

org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE::TSK_EMAIL_MSG
TSK_EMAIL_MSG

org::sleuthkit.autopsy.texttranslation
Definition: NoServiceProviderException.java:19

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_SENT
static final BlackboardAttribute.Type TYPE_DATETIME_SENT
Definition: UserActivitySummary.java:99

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.MS_PER_DAY
static final long MS_PER_DAY
Definition: UserActivitySummary.java:143

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_DATETIME_END
TSK_DATETIME_END

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.translatedResult
String translatedResult
Definition: UserActivitySummary.java:858

org::sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.SortOrder
Definition: DataSourceInfoUtilities.java:163

org::sleuthkit::datamodel::Content::getId
long getId()

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_ACCESSED
static final BlackboardAttribute.Type TYPE_DATETIME_ACCESSED
Definition: UserActivitySummary.java:92

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TOP_ACCOUNT_RESULT_DATE_COMPARE
static final Comparator< TopAccountResult > TOP_ACCOUNT_RESULT_DATE_COMPARE
Definition: UserActivitySummary.java:110

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult
Definition: UserActivitySummary.java:974

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.TopWebSearchResult
TopWebSearchResult(String searchString, Date dateAccessed, BlackboardArtifact artifact)
Definition: UserActivitySummary.java:867

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary
Definition: UserActivitySummary.java:56

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult
Definition: UserActivitySummary.java:1011

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getTopPrograms
List< TopProgramsResult > getTopPrograms(DataSource dataSource, int count)
Definition: UserActivitySummary.java:764

org::sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getLongOrNull
static Long getLongOrNull(BlackboardArtifact artifact, Type attributeType)
Definition: DataSourceInfoUtilities.java:401

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_DEVICE_MODEL
TSK_DEVICE_MODEL

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getDomainGroupsAndMostRecent
Pair< Long, Map< String, List< Pair< BlackboardArtifact, Long > > > > getDomainGroupsAndMostRecent(DataSource dataSource)
Definition: UserActivitySummary.java:315

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.getDeviceMake
String getDeviceMake()
Definition: UserActivitySummary.java:931

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_TEXT
TSK_TEXT

org::sleuthkit.autopsy.texttranslation.TranslationException
Definition: TranslationException.java:24

org::sleuthkit.autopsy.texttranslation.TextTranslationService.hasProvider
synchronized boolean hasProvider()
Definition: TextTranslationService.java:122

org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE::TSK_CALLLOG
TSK_CALLLOG

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.isPositiveNum
static boolean isPositiveNum(Long longNum)
Definition: UserActivitySummary.java:741

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.getSearchString
String getSearchString()
Definition: UserActivitySummary.java:891

org::sleuthkit::datamodel::BlackboardAttribute::Type

org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE::TSK_PROG_RUN
TSK_PROG_RUN

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.caseProvider
final SleuthkitCaseProvider caseProvider
Definition: UserActivitySummary.java:147

org::sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getIntOrNull
static Integer getIntOrNull(BlackboardArtifact artifact, Type attributeType)
Definition: DataSourceInfoUtilities.java:415

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.visitTimes
final Long visitTimes
Definition: UserActivitySummary.java:977

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.searchString
final String searchString
Definition: UserActivitySummary.java:857

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentDomains
List< TopDomainsResult > getRecentDomains(DataSource dataSource, int count)
Definition: UserActivitySummary.java:232

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.setTranslatedResult
void setTranslatedResult(String translatedResult)
Definition: UserActivitySummary.java:884

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_END
static final BlackboardAttribute.Type TYPE_DATETIME_END
Definition: UserActivitySummary.java:101

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.LastAccessedArtifact
Definition: UserActivitySummary.java:821

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_DATETIME_ACCESSED
TSK_DATETIME_ACCESSED

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TOP_PROGRAMS_RESULT_COMPARE
static final Comparator< TopProgramsResult > TOP_PROGRAMS_RESULT_COMPARE
Definition: UserActivitySummary.java:117

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.getDeviceModel
String getDeviceModel()
Definition: UserActivitySummary.java:938

org::sleuthkit::datamodel

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_MESSAGE_TYPE
static final BlackboardAttribute.Type TYPE_MESSAGE_TYPE
Definition: UserActivitySummary.java:96

org::sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.UserActivitySummary
UserActivitySummary()
Definition: UserActivitySummary.java:154

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_TEXT
static final BlackboardAttribute.Type TYPE_TEXT
Definition: UserActivitySummary.java:97

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.getTranslatedResult
String getTranslatedResult()
Definition: UserActivitySummary.java:875

org::sleuthkit.autopsy

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.LastAccessedArtifact.lastAccessed
final Date lastAccessed
Definition: UserActivitySummary.java:823

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_PROG_NAME
static final BlackboardAttribute.Type TYPE_PROG_NAME
Definition: UserActivitySummary.java:103

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.getVisitTimes
Long getVisitTimes()
Definition: UserActivitySummary.java:1003

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.TopDeviceAttachedResult
TopDeviceAttachedResult(String deviceId, Date dateAccessed, String deviceMake, String deviceModel, BlackboardArtifact artifact)
Definition: UserActivitySummary.java:914

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_ATTACHED
static final BlackboardArtifact.Type TYPE_DEVICE_ATTACHED
Definition: UserActivitySummary.java:88

org::sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getDateOrNull
static Date getDateOrNull(BlackboardArtifact artifact, Type attributeType)
Definition: DataSourceInfoUtilities.java:430

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_RCVD
static final BlackboardAttribute.Type TYPE_DATETIME_RCVD
Definition: UserActivitySummary.java:98

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_WEB_HISTORY
static final BlackboardArtifact.Type TYPE_WEB_HISTORY
Definition: UserActivitySummary.java:89

org::sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.get
SleuthkitCase get()

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getShortFolderName
static String getShortFolderName(String strPath, String applicationName)
Definition: UserActivitySummary.java:197

org::sleuthkit.autopsy.texttranslation.TextTranslationService
Definition: TextTranslationService.java:32

org::sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getStringOrNull
static String getStringOrNull(BlackboardArtifact artifact, Type attributeType)
Definition: DataSourceInfoUtilities.java:387

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.LastAccessedArtifact.getArtifact
BlackboardArtifact getArtifact()
Definition: UserActivitySummary.java:847

org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult.getAccountType
String getAccountType()
Definition: UserActivitySummary.java:966

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.SHORT_FOLDER_MATCHERS
static final List< Function< List< String >, String > > SHORT_FOLDER_MATCHERS
Definition: UserActivitySummary.java:62

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.getDeviceId
String getDeviceId()
Definition: UserActivitySummary.java:924

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.programPath
final String programPath
Definition: UserActivitySummary.java:1014

org::sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getAccountResult
static TopAccountResult getAccountResult(BlackboardArtifact artifact, String messageType, BlackboardAttribute.Type...dateAttrs)
Definition: UserActivitySummary.java:572

org::sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.SleuthkitCaseProviderException
Definition: SleuthkitCaseProvider.java:38

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_MESSAGE_TYPE
TSK_MESSAGE_TYPE